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CLAIMS 

1. A method of securing a device having data communication capa- 
bility, comprising 

- dynamically detecting a control connection, which originates from 
said device, 

- noticing negotiation of a related connection within said control 
connection, said negotiation comprising at least defining a port of the device 
for said related connection, 

- checking if relationship between said port of the device and the 
control connection fulfills predefined criteria, and 

- conditionally blocking said related connection, if said port of the 
device does not fulfill said predefined criteria. 

2. A method according to claim 1 , wherein said predefined criteria 
requires that said port of the device is opened within a predefined time window 
in relation to noticing negotiation of a related connection within said control 
connection. 

3. A method according to claim 1 , wherein said predefined criteria 
requires that said control connection and said port of the device are opened by 
the same process family. 

4. A method according to claim 1 , wherein said device is running an 

applet. 

5. A method according to claim 4, wherein said control connection 
originates from the applet. 

6. A device having data communication capability and comprising a 
module, which is configured to 

- dynamically detect a control connection, which originates from 
said device, 

- notice negotiation of a related connection within said control con- 
nection, said negotiation comprising at least defining a port of the device for 
said related connection, 
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- check if relationship between said port of the device and the con- 
trol connection fulfills predefined criteria, and 

- conditionally block said related connection, if said port of the de- 
vice does not fulfill said predefined criteria. 

7. A device according to claim 6, wherein said device is running an 

applet. 



8. A computer readable storage medium comprising a computer 
program that carries out steps procedure which comprises 

dynamically detecting a control connection, which originates from 
said device, 

- noticing negotiation of a related connection within said control 
connection, said negotiation comprising at least defining a port of the device 
for said related connection, 

- checking if relationship between said port of the device and the 
control connection fulfills predefined criteria, and 

- conditionally blocking said related connection, if said port of the 
device does not fulfill said predefined criteria. 

9. A computer readable storage medium according to claim 8, 
wherein said predefined criteria requires that said port of the device is opened 
within a predefined time window in relation to noticing negotiation of a related 
connection within said control connection. 



10. A computer readable storage medium according to claim 8, 
wherein said predefined criteria requires that said control connection and said 
port of the device are opened by the same process family. 

1 1 . A computer readable storage medium according to claim 8, 
wherein said device is running an applet. 

12. A computer readable storage medium according to claim 8, 
wherein said control connection originates from the applet. 
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13. A computer readable storage medium, comprising 

a computer program that carries out a personal firewall process 
which further includes 

dynamically detecting a control connection, which originates from 
said device, 

- noticing negotiation of a related connection within said control 
connection, said negotiation comprising at least defining a port of the device 
for said related connection, 

- checking if relationship between said port of the device and the 
control connection fulfills predefined criteria, and 

- conditionally blocking said related connection, if said port of the 
device does not fulfill said predefined criteria. 

14. A device having data communication capability and comprising 
a first detector dynamically detecting a control connection, which 

originates from said device, 

a second detector detecting a negotiation of a related connection 
within said control connection, said negotiation comprising at least defining a 
port of the device for said related connection, 

a controller checking if relationship between said port of the device 
and the control connection fulfills predefined criteria, and 

said controller conditionally blocking said related connection, if said 
port of the device does not fulfill said predefined criteria. 

15. A device according to claim 14, wherein said device is running 

an applet. 
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